By Stephen Newman, CTO of Damballa
Cyber attackers have an abundance of opportunities to steal or modify data and disrupt business services, and their playground grows bigger and more diverse every day as the world becomes increasingly more digital. Going into 2016, we expect to see a number of new attack targets in the headlines, drawing everyone’s attention to the lack of privacy and security in our interconnected world. And while data breaches are common news today, below are the top 6 hacks we believe are likely to affect your life in a variety of ways in 2016.
There’s big money in fantasy sports. According to the Fantasy Sports Trade Association, Americans spend about $15 billion playing fantasy sports. That’s about 32 million Americans each spending $467. Consider that each of those 32 million Americans also provide their name, address, email address, billing and/or credit card information, and you’re also looking at a truckload of customer data that could turn a reasonable profit on the black market.
Fantasy sports have not been immune to security threats. About two years ago application security testing firm NT OBJECTives discovered a vulnerability in Yahoo’s Fantasy Football mobile app. If exploited, attackers could change team lineups and post imposter comments on message boards. More recently, a DraftKings employee admitted to accidentally posting confidential data, which led to accusations of insider trading. This type of activity is likely to reoccur, if not in the realm of fantasy sports then perhaps in the world of financial trading, where traders trade in other accounts so they don’t get caught.
At any rate, we predict that one of the leading fantasy sports sites – FanDuel or DraftKings – will suffer a major hack in 2016. Attackers will be looking to steal customer data or manipulate results to win big pools, which can total hundreds of thousands of dollars.
Four years is a long time when it comes to technological innovation. Consider social networks: CIO reports that candidates in the 2016 U.S. Presidential election use more social networks than politicians of the past. No one could’ve guessed in 2012 that Facebook and Twitter would be joined by the likes of Snapchat, Pinterest and Instagram as mainstream social networks. And there’s no telling what digital technologies will impact future presidential campaigns. However, one thing is for certain: With every campaign, more of the candidates’ personal information is online. In 2016, we believe that at least one candidate will get hacked. But that’s not all. The unveiling of confidential or private information will change the course of the election. With so much personal data available, extortion and blackmail-type schemes are likely to increase in 2016 as well.
Planes, trains and automobiles
In July 2015, software engineers Charlie Miller and Chris Valasek demonstrated how they could remotely exploit a zero-day vulnerability to send commands through a Jeep Cherokee’s entertainment system to its dashboard functions, steering, brakes and transmission. To make matters worse, automobile manufacturers aren’t being forthright about hacker and privacy threats as a result of connected systems. Not only will we see more proof of concept scenarios in the coming year, but Damballa predicts that a major transport manufacturer will be hacked in the real world, with serious implications for personal safety.
With drones becoming more widely available, we expect them to also play a role in next year’s hacking activities. Researchers are already at work building software that can be loaded onto a drone and can penetrate consumer devices and networks, as well as enterprise networks. It won’t take long before an attacker uses this software (one system is already available on GitHub) to conduct a large-scale cyber attack. Healthcare and government organizations will be prime targets because of the type and value of information they hold. Alternatively, we may see attackers begin to target the drones themselves to achieve remote control.
Major sporting event
The World Cup, Summer Olympics or Super Bowl 50 – one of these major sporting events will also be a cyber event in 2016. It’s not too difficult to imagine a nation state tampering with Olympic timing machines, for example, to help its athletes win in a split-second race, or hackers tampering with scores to win large bets. Such an attack could have a significant impact on international politics as well as the popular culture associated with the event.
Traditional Attacks Remain Prominent
Even as these new attacks take front-and-center stage in the coming year, we will continue to see activity from tried-and-true attacks that are still going strong. For example, banking Trojans and spear phishing continue to be effective campaigns. We also continue to see activity from Nuclear, which has been around since 2011 and remains the most successful exploit kit available. Attackers continue to use SQL injection attacks as well to put malware on small websites as a repository.
We would love to be wrong about any one of these attacks occurring in 2016, but the acceleration of innovation combined with the lack of attention given to security and privacy only increase their likelihood. It is more important than ever that going into the New Year both companies and individuals take great care to protect themselves.
About the Author
Stephen Newman brings over 17 years of technology innovation and leadership to Damballa. He has designed products and product strategies for leading, innovative technologies throughout his career. Since joining Damballa in 2009, his team has successfully built upon the company’s 16 patented/patent-pending innovations to create advanced threat detection solutions that harness big data science. Specific contributions include the creation of contextual-based detection engines; the Case Analyzer, an intelligence platform that makes automatic decisions about the status of infected devices; and Risk Profilers, which prioritize compromised assets so incident responders can take immediate action on incidents. Today, Damballa’s enterprise and ISP solutions are the industry’s most mature and sophisticated, protecting more than half a billion devices globally.
Prior to joining Damballa, Stephen developed a range of security products for companies like EarthLink, MegaPath, Secure Computing, and McAfee. Stephen is a frequent speaker at industry conferences and unique user groups, including the Federal Reserve Bank and the US Embassy in Canada. His passion is to jointly whiteboard with prospects
Widget not in any sidebars
- Five Questions You Need To Ask Yourself When Evaluating SIEM Solutions - November 8, 2017
- Winning the Data Breach War with User and Entity Behavioral Analytics - November 3, 2017
- 5 Alternatives to The Gartner Magic Quadrant for SIEM - October 31, 2017